Scammers are sending text messages again. This time such a message was also received by one of our editors on behalf of NLB.
The message says: “NLB: SEPA payment attempt today at 12:07 requires additional approval. Please confirm or cancel this transaction via click-otp.net/placila-pomoc.”
How did we find out it was a scam? Although it appears to have been sent from “NLBKlik”, the online NLB bank, it is a misleading message. The first caveat is that the editor does not have an open transaction account with NLB. The second is that the bank confirmed by e-mail communication that it is a scam.
It also notifies Google Chrome of the scam when it clicks on the link.
If we “ignore” all these warning signs, a website similar to the online NLB bank opens, but only collects login information (username and password).
But what happens if we enter the data anyway? Actually nothing, it is loaded indefinitely. However, it is more likely that the data will be passed on to unprepared people.
After further research, we also found the following facts: The domain was registered in Iceland and was registered on March 7, 2022 – the same day the SMS was sent. Unprepared ones quickly change domains and register them in the past few days.
We also found out that the domain is hosted on the “orangewebsite.com” company’s server, where it is also possible to pay with Bitcoins. In translation, this means that the identity of the person who created the site is completely anonymous.
What can we do? First, let’s check if the message was sent by the bank or not. If we are not sure, we can contact them via call or email. We do not open the link we received, but check if it is marked as suspicious on the VirusTotal.com portal (we can also check files here).
If we are a bit technically qualified, we also check when and where the domain was registered.
The domain can also be registered via email, in this case to [email protected] or directly to the website where the domain was registered or hosted by the website.
Of course, it is possible that the domain will be banned and the website closed, but this only means that the unprepared will try again and create a new site.